Systems and Software

Technology

Systems and Software

Today’s products and services used by consumers are increasingly smarter and sophisticated. The role of high performance hardware (processors, MCUs and SoCs) that is highly programmable enables updates of functionality after products have been shipped to customers. Virtually every electronic device and product can be regarded as a system.

Partitioning or distributing system functions across various hardware blocks and firmware and software is a general practice. Relatively simple products such as e-cigarette devices, or even a steam iron, rely on programmable MCU and algorithms executed by the MCU to implement their functionality involving temperature sensing and control of vapor or steam pressure. Various means of system updating, including OTA (Over The Air) firmware updates, is common practice for mobile consumer devices including: smartphones, tablets and media streaming devices and even vehicles.

As new features and functionalities are added, or existing features are modified through firmware updates, understanding not only the hardware aspect (board level, module level, package level, and IC level details) of a product but also the software and firmware components is becoming increasingly important to uncover and demonstrate the value of a patent in the systems area.

Understanding and analyzing these devices and systems requires a system level approach where hardware analysis (such as circuit analysis or process analysis) is complemented by system level analysis, such as functional testing, firmware and software analysis. Understanding how hardware and firmware/software work together to perform desired functions or tasks is an important enabler to unlocking the value of intellectual properties in the systems (including embedded systems) area.

TechPats focuses on the following areas to address systems and software related matters:

Product teardowns

Functional testing

Firmware extraction & analysis

System and software analysis

Product Teardown

As a first step for any system level analysis, a product teardown focuses on understanding the overall system construction, architecture and components. Information obtained from a product teardown helps one understand the type of processor/MCU/SoC used and any external non-volatile storage (NOR Flash or NAND Flash) for storing firmware module. It also helps to plan for functional testing if necessary.

Functional Testing

In some cases, functional testing may provide a more efficient way to support certain patent claims. Multimedia processing, for example, can be done with functional testing; preparing input vectors (e.g. audio files) and playing them while capturing output could be helpful for some signal coding/decoding related patents. Investigating bus protocols with a protocol analyzer or measuring power consumption under different operating modes are also good examples of functional testing use cases.

For cases where functional testing is required to support patent claims, TechPats can design an efficient functional test to generate functional inputs and observe and analyze output. Designing custom interposer to enable proper driving and monitoring of signals of interest and developing custom FPGA to conduct high speed testing is possible.

Test plans usually have multiple phases to help TechPats’ clients manage risks and costs. Each phase is designed to investigate details of a target device being analyzed gradually to achieve the final goal. At each phase, findings and insights obtained will be used to fine tune and adjust next phase.

TechPats’ wireless testing (live in-network and captive based using an emulator) is a good example of its system level functional testing capability.

Many patents require both hardware and certain algorithmic features which are often implemented in firmware. Based on an understanding of various embedded systems and their operations, TechPats’ firmware analysis capability can extract a target device’ firmware and analyze it against claim elements of a patent. This helps our clients unlock system level patents in areas where it would have been difficult to do so previously.

Test plans usually have multiple phases to help TechPats’ clients manage risks and costs. Each phase is designed to investigate details of a target device being analyzed gradually to achieve the final goal. At each phase, findings and insights obtained will be used to fine tune and adjust next phase.

Firmware analysis would take the following general approach:

Identification of firmware module

Extraction of firmware module (or downloading if applicable)

Disassembly of extracted firmware module

Assessment of analysis feasibility of extracted and disassembled firmware module

Assessment of JTAG connection feasibility

Static analysis of disassembled firmware module

Modification of disassembled firmware module

Reprogramming the target device with modified firmware module

Dynamic analysis of disassembled firmware module

Review of a patent would tell if certain claimed features would be implemented across different levels of a design: circuit, logic and firmware. Once firmware level investigation is found to be necessary, identification of firmware module would be attempted. A firmware module could be available for download or may reside in an on-board non-volatile memory (NOR Flash or NAND Flash memory). TechPats can extract firmware modules from any non-volatile memory devices.

Once a firmware module has been obtained (through extraction or downloading), disassembly of the firmware module is done. Using industry standard disassembly/debug tools such as IDA Pro are used for this task. This allows TechPats to obtain assembly level firmware modules for multiple processor targets (ARM, MIPS, x86, etc) and some DSPs. Any open source codes, if available and applicable, will be obtained and used to complement and augment this task.

Feasibility of firmware analysis depends upon many factors such as encryption, code obfuscation, presence of readable and meaningful strings, among others. By checking these risk factors early on (as soon as firmware module extraction and disassembly have been done), feasibility of a system level analysis will be known at the earliest possible phase of a project helping a client to manage risks and make appropriate decision in a timely manner. If required, feasibility of JTAG connection is also investigated. Potential risk with this is use of secure JTAG which would require a password to connect to the target system through JTAG interface.

Static analysis of disassembled codes would involve identifying relevant codes and modules in the disassembled codes and analyzing them. Using industry standard disassembly/debug tools such as IDA Pro are used for this task.

If necessary, a firmware module could be modified to allow easy analysis and stepping through a number of breakpoints. TechPats has the expertise to analyze and insert necessary breakpoints to a target firmware module and reprogram a target device for dynamic analysis.

Software Analysis

On top of our expertise in circuit, packaging, functional testing and firmware analysis, software analysis expertise allows TechPats to help provide additional support for any of our client’s patent needs. Our internal experts can cover broad ranges of subject matter and can help our client plan optimum IP analysis strategy by providing efficient and custom approach tailored to each client’s unique requirements.

Technology

Talk To TechPats

Subscribe To Our Newsletter

latest blog posts

About us

TechPats is the world’s leading full-service Intellectual Property consulting firm. We bring together patent expertise, technical excellence, and business acumen across a wide range of markets and technologies.